dotnet: .NET: Denial of Service via stack overflow

A flaw was found in .NET. A remote attacker could exploit a stack overflow vulnerability during encrypted key nested decryption, leading to a Denial of Service DoS. This could make the affected system unavailable to legitimate users...

dotnet: .NET: Security Bypass and Denial of Service Vulnerability

A flaw was found in .NET. A remote attacker could exploit a vulnerability related to unsafe transforms in EncryptedXml. This could lead to a Denial of Service DoS, making the service unavailable, and a bypass of security features...

dotnet: .NET: Denial of Service via stack overflow

A flaw was found in .NET. A remote attacker could exploit a stack overflow vulnerability during encrypted key nested decryption, leading to a Denial of Service DoS. This could make the affected system unavailable to legitimate users...

USN-8179-1: Linux kernel vulnerabilities

Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...

dotnet: .NET: Security Bypass and Denial of Service Vulnerability

A flaw was found in .NET. A remote attacker could exploit a vulnerability related to unsafe transforms in EncryptedXml. This could lead to a Denial of Service DoS, making the service unavailable, and a bypass of security features...

dotnet: .NET: Denial of Service via stack overflow

A flaw was found in .NET. A remote attacker could exploit a stack overflow vulnerability during encrypted key nested decryption, leading to a Denial of Service DoS. This could make the affected system unavailable to legitimate users...

dotnet: .NET: Security Bypass and Denial of Service Vulnerability

A flaw was found in .NET. A remote attacker could exploit a vulnerability related to unsafe transforms in EncryptedXml. This could lead to a Denial of Service DoS, making the service unavailable, and a bypass of security features...

MAL-2026-2725 Malicious code in agent-framework-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fc8c54e8fb3b687786f6141ea8ea92fa6eeb60de018eb8543a325bac6eed1f67 The package agent-framework-web was found to contain malicious code...

Malicious code in agent-framework-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fc8c54e8fb3b687786f6141ea8ea92fa6eeb60de018eb8543a325bac6eed1f67 The package agent-framework-web was found to contain malicious code...

Improper Access Control

github.com/1panel-dev/1panel is vulnerable to improper access control. The vulnerability is due to trusting all proxy IPs in Gin’s default configuration, which allows an attacker to spoof the X-Forwarded-For header and bypass IP-based security controls...

wger has Broken Access Control in Global Gym Configuration Update Endpoint

Summary wger exposes a global configuration edit endpoint at /config/gym-config/edit implemented by GymConfigUpdateView. The view declares permissionrequired = 'config.changegymconfig' but does not enforce it because it inherits WgerFormMixin ownership-only checks instead of the project’s...

CVE-2026-40504 Creolabs Gravity < 0.9.6 Heap Buffer Overflow via gravity_vm_exec

Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravityvmexec function that allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. Attackers can exploit insufficient bounds checking in gravityfiberreassign t...

Cross-site Scripting (XSS)

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Cross-site Scripting XSS via the jsxAttr and JSX attribute rendering paths in src/jsx/jsx-runtime.ts, src/jsx/base.ts, and src/jsx/dom/render.ts. An attacker can inject executable markup ...

[SECURITY] Fedora 43 Update: cef-146.0.11^chromium146.0.7680.177-2.fc43

CEF is an embeddable build of Chromium, powered by WebKit Blink...

RHEL 9 : .NET 9.0 (RHSA-2026:8474)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:8474 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...

Security Updates for Microsoft .NET Framework (February 2026)

The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. CVE-2025-55248 Note that...

LLM4C2Rust: Large Language Models for Automated Memory-Safe Code Transpilation

Memory safety has long been a critical challenge in software engineering, particularly for legacy systems written in memory-unsafe languages such as C and C++. Rust, one of the youngest modern programming languages, offers built-in memory-safety guarantees that make it a strong candidate for secu...

RHEL 8 : .NET 10.0 (RHSA-2026:8473)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:8473 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...

MCP Framework 安全漏洞

MCP Framework is a TypeScript framework developed by Alex Andru as a building block for context protocols. Versions of the MCP Framework prior to 0.2.21 contained security vulnerabilities. These vulnerabilities stemmed from the readRequestBody function in HTTP transmissions, which concatenated th...

Always-Incorrect Control Flow Implementation

Overview Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation due to an inverted time comparison in the OIDC JWKS and token cache processes. An attacker can cause expired tokens to be reused or force repeated network requests to the OIDC provider by...